[cap-talk] Why tokens have short lifetimes in OAuth-WRAP
Karp, Alan H
alan.karp at hp.com
Wed Mar 17 16:39:29 PDT 2010
I just got a response to
> Why do the servers need to continually check? Can't they wait until they
> need to use the token before checking?
"Yes. Some systems need to optimize this check, and it's much easier to optimize if the tokens are short-lived. Bloom filters and cryptography both come in useful."
I don't understand it at all. Any ideas what he's talking about?
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
More information about the cap-talk